Does it work if you don't remove the password from the key? What parameters in openssl did you use to strip the password from your key? Try just generating a key without a password in the first place and see if that works.
–
SimonJGreenJan 7 '12 at 16:56

3 Answers
3

I think I may have run into a similar issue when attempting to use a Gandi certificate on Heroku. Heroku kept on complaining that my PEM file didn't match my key, and running openssl x509 -noout -modulus -in example.com.crt gave me an "unable to load certificate" error.

The issue in my case was very simple: when I downloaded the certificate from Gandi, there was an extra blank line between the certificate text and the "--END CERTIFICATE..." line:

EDIT:
With Heroku, you need to make sure that your certificates are in the correct order. If you have already pushed/added a certificate that is messed up, you can try arranging them in different orders (not efficient, but it gets the job done), and you can check out Heroku SSL doctor and utilize the "bypass" option to forego the usual show-stoppers that will allow you to add/update the new cert(s).

TL;DR => when using Heroku SSL Endpoint, be sure to make sure you include the whole bundle and make sure the contents of that bundle are in the correct order. Try Heroku SSL doctor if you are having problems.

Welcome to Server Fault! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.
–
Scott PackSep 24 '12 at 17:01